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DETAILED ACTION 



1. 



Claims 1-21 liave been examined. 



Claim Rejections • 35 (JSC §112 



2. Tlie following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 14-16 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claims 14-16 recite "a method" in the preamble, 
however, the independent claim 11 in which claims 14-16 depend on recite "a computer 
readable medium". Appropriate correction is required. 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



5. Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. It is not tangibly embodied as it is only software 
per se. It is suggested that the claimed subject matter "computer executable software 



Claim Rejections - 35 USC § 101 



4. 



35 U.S.C. 101 reads as follows: 
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code ..." should be changed to "computer executable code stored on a computer- 
readable medium 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-4, 6-12 and 14-21 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Gupta et al. United States Letter Patent Number 6.226.752. 

As per claim 1: 

Gupta et al. teach a method for validating credentials comprising: 

determining, at a first system, that a client does not have a valid session 
credential for the first system; (Col. 7. lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 

retrieving, at the first system, information from a session token held by the client, 
the information corresponding to a possible session credential for a second system; 
(CoL 7. lines 3-4; Col. 11. lines 66-67 and Col. 12. lines 1-6) 

presenting at least some of the information from the session token to the second 
system; (Col. 7, lines 5-6; Col. 12, lines 13-23) and 



Application/Control Number: 1 0/026,403 Page 4 

Art Unit: 2133 

determining whether the client has a valid session credential with the second 
system. (Col. 7. lines 6-9; CoL 12, lines 25-30) 
As per claim 2: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising granting a session credential to the client on 
the first system, after determining that the client has a valid session credential for the 
second system. (Col. 7, lines 10-12; Col. 12, lines 48-49) 
As per claim 3: 

Gupta et ah teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising sending a session token to the client, the 
token corresponding to the session credential on the first system. (Col. 12, lines 52-53) 
As per claim 4: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising directing the client to the second system to 
establish a session credential, after determining that the client does not have a valid 
session credential for the second system. (Col. 12, lines 54-60) 
As per claim 6: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising maintaining the client session credential with 
the second system. (Col. 12, lines 54-60; Col. 13, lines 24-26) 
As per claim 7: 
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Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method wherein determining whether the client has a valid 
credential with the second system is at least partially from presenting at least some of 
the information from the session token. (CoL 12, lines 66-67 and Col. 13, lines 1-5) 
As per claim 8: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method wherein retrieving information from the session token 
held by the client comprises: sending a query to the client from the first system, the 
query including identification as originating from a domain name corresponding to the 
second system; and receiving a response to the query. (Col. 12, lines 48-61) 
As per claim 9: 

Gupta et al. teach a method for validating session credentials of a client 
comprising: 

determining, at a first system, that a client does not have a valid session 
credential for the first system; (Col. 7, lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 

retrieving, at the first system, information from a session token held by the client, 
the information corresponding to a session credential for a second system, wherein 
retrieving information from the session token held by the client comprises receiving a 
session token from the client corresponding to the second system; (Col. 7, lines 3-4; 
Col. 11, lines 66-67 and Col. 12, lines 1-6) 

presenting at least some of the information from the session token to the second 
system; (Col. 7. lines 5-6; Col. 12, lines 13-23) 
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determining whether the client has a valid session credential with the second 
system, wherein determining whether the client has a valid credential with the second 
system is at least partially from presenting information from the session token; (Col. 7, 
lines 6-9;. CoL 12, lines 25-30) 

granting a session credential to the client on the first system, after determining 
that the client has a valid session credential for the second system; (Col. 7, lines 10-12; 
Col. 12, lines 48-49) 

sending a session token to the client, the token corresponding to the session 
credential on the first system; (Col. 12, lines 52-53) and 

maintaining the client session credentials. (Col. 12, lines 54-60; Col. 13, lines 24- 

26) 

As per claim 10: 

Gupta et al. teach a computer executable software code transmitted as an 
information signal, the code for validating credentials, the code comprising: 

code to determine, at a first system, that a client does not have a valid session 
credential for the first system; (Col. 7, lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 

code to retrieve, at the first system, information from a session token held by the 
client, the information corresponding to a possible session credential for a second 
system; (Col. 7, lines 3-4; Col. 11, lines 66-67 and Col. 12, lines 1-6) 

code to present at least some of the information from the session token to the 
second system; (Col. 7, lines 5-6; Col. 12, lines 13-23) and 
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code to determine whetlier the client has a valid session credential with the 
second system. (Col. 7, lines 6-9; Col. 12. lines 25-30) 
As per claim 1 1 : 

Gupta et al. teach a computer readable medium having computer executable 
code stored thereon, the code for validating credentials, the code comprising: 

code to determine, at a first system, that a client does not have a valid session 
credential for the first system; (Col. 7, lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 

code to retrieve, at the first system, information from a session token held by the 
client, the information corresponding to a possible session credential for a second 
system; (Col. 7, lines 3-4; Col. 11, lines 66-67 and Col. 12, lines 1-6) 

code to present at least some of the information from the session token to the 
second system; (Col. 7, lines 5-6; Col. 12, lines 13-23) and 

code to determine whether the client has a valid session credential with the 
second system. (Col. 7, lines 6-9; Col. 12, lines 25-30) 
As per claim 12: 

Gupta et al. teach a programmed computer for validating credentials, comprising: 
a memory having at least one region for storing computer executable program 

code; (Figure 1. item 115; Col. 7. lines 50-67 and Col. 8, lines 1-20) and 

a processor for executing the program code stored in the memory, (Figure 1, 

item 113; Col. 7, lines 50-67 and Col. 8, lines 1-20) wherein the program code 

comprises: 
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code to determine, at a first system, that a client does not have a valid session 
credential for the first system; (Col. 7, lines 2-3; Col. 1 1 . lines 46-49 and lines 65-66) 

code to retrieve, at the first system, information from a session token held by the 
client, the information corresponding to a possible session credential for a second 
system; (Col. 7, lines 3-4; Col. 11, lines 66-67 and Col. 12, lines 1-6) 

code to present at least some of the information from the session token to the 
second system; (Col. 7, lines 5-6; Col. 12, lines 13-23) and 

code to determine whether the client has a valid session credential with the 
second system. (Col. 7, lines 6-9; Col. 12, lines 25-30) 
As per claim 14: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising granting a session credential for the first 
system. (Col. 7, lines 10-12; Col. 12, lines 48-49) 
As per claim 15: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising granting a session credential for the second 
system. (Col. 12, lines 66-67 and Col. 13, lines 1-5) 
As per claim 16: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising associating session credentials for the first 
system and the second system with the client. (Col. 12, lines 54-60; Col. 13, lines 24- 
26) 
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As per claim 17: 

Gupta et al. teach a method for establishing session credentials comprising: 
determining that a client does not have a valid session credential for a first 
system or a. second system; (Col. 7, lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 
sending, from the second system to the client, a log in page; (Col. 12, lines 24- 

32) 

receiving, at the second system from the client, log in information; (Col. 12, lines 
24-32) and 

sending, from the second system to the first system, information corresponding 
to a session credential for the second system, the session credential granted by the 
second system based at least in part on the log in information; (Col. 7, lines 6-9; Col. 
12, lines 25-30) and 

granting a session credential for the first system. (Col. 7, lines 10-12; Col. 12, 
lines 48-49) 
As per claim 18: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising granting a session credential for the second 
system. (Col. 7, lines 6-9; Col. 12, lines 25-30) 
As per claim 19: 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising associating session credentials for the first 
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system and the second system with the client. (Col. 12, lines 54-60; Col. 13, lines 24- 
26) ' 

As per claim 20: 

Gupta et al. teach a method for validating credentials comprising: 
determining, at a first system, that a client does not have a valid session 

credential for the first system; (Col. 7, lines 2-3; Col. 1 1 , lines 46-49 and lines 65-66) 
redirecting the client to a second system; (Col. 7, lines 5-6; Col. 12, lines 13-23) 
sending, from the second system to the first system, session credentials for the 

second system; (Col. 7, lines 6-9; Col. 12, lines 25-30) 

sending, from the second system to the first system, information indicating that 

the session credentials for the second system are valid. (Col. 7, lines 6-9; Col. 12, lines 

25-30) 

sending, from the first system to the second system, the session credentials for 
the second system; (Col. 7, lines 10-12; Col. 12, lines 48-49) 

determining, at the second system, that the session credentials for the second 
system, received from the first system, are valid; (Col. 13, lines 1-5) and 
As per claim 21 : 

Gupta et al. teach all the subject matter as discussed above. In addition, Gupta 
et al. further disclose a method comprising granting the client session credentials for the 
first system. (Col. 7, lines 10-12; Col. 12. lines 48-49) 
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Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

9. Claims 5 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gupta et al. United States Letter Patent Number 6,226.752 further in view of Makower 
et al. United States Publication Number 2002/0184507. 

As per claim 5: 

Gupta et al. teach all the subject matter as discussed above. Gupta et al. do not 
explicitly disclose a method comprising directing the client to the first system to 
establish a session credential, after determining that the client does not have a valid 
session credential for the second system. 
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Makower et al. in analogous art. however, disclose a method comprising 
directing the client to the first system to establish a session credential, after determining 
that the client does not have a valid session credential for the second system. (Page 4, 
paragraph 31) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Gupta et al. to 
include a method comprising directing the client to the first system to establish a 
session credential, after determining that the client does not have a valid session 
credential for the second system. This modification would have been obvious because a 
person having ordinary skill in the art would have been motivated to do so, as 
suggested by, Makower et al. (Abstract) in order to implement a single-sign on protocol 
independent of the actual authentication mechanism used by different servers. 
As per claim 13: 

Gupta et al. teach a method for establishing session credentials comprising: 

determining that a client does not have a valid session credential for a first 
system or a second system; (Col. 7, lines 2-3; Col. 11, lines 46-49 and lines 65-66) 

sending, from the first system to the second system, the log in information; (Col. 
7, lines 5-6; Col. 12, lines 13-23) and 

receiving, at the first system from the second system, information corresponding 
to a session credential for the second system, the session credential granted by the 
second system based at least in part on the log in information. (Col. 7. lines 10-12; Col. 
12, lines 48-49) 
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Gupta et al. do not explicitly disclose a method comprising sending, from the first 
system to the client, a log in page; and receiving, at the first system from the client, log 
in information. 

Makower et al. in analogous art, however, disclose a method comprising: 

sending, from the first system to the client, a log in page; (Page 4. paragraph 32; 
...web server prompts the client browser with a log in page .,.) 

receiving, at the first system from the client, log in information; (Page 4, 
paragraph 32; the client browser provides authentication information...) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Gupta et al. to 
include a method comprising sending, from the first system to the client, a log in page; 
and receiving, at the first system from the client, log in information. This modification 
would have been obvious because a person having ordinary skill in the art would have 
been motivated to do so, as suggested by, Makower et al. (Abstract) in order to 
implement a single-sign on protocol independent of the actual authentication 
mechanism used by different servers. 

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892 attached. 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay vyhose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 



supervisor, Albert Decady can be reached on 571-272-3819. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Shewaye Gelagay 

Examiner 
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